<?xmlversion='1.0' encoding='utf-8'?>version="1.0" encoding="UTF-8"?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.6 --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-httpbis-proxy-status-08"category="std"number="9209" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3"><!-- xml2rfc v2v3 conversion 3.10.0 --><front> <title abbrev="Proxy-Status Header">The Proxy-Status HTTP Response Header Field</title> <seriesInfoname="Internet-Draft" value="draft-ietf-httpbis-proxy-status-08"/>name="RFC" value="9209"/> <author initials="M." surname="Nottingham" fullname="Mark Nottingham"> <organization>Fastly</organization> <address> <postal> <postalLine>Prahran</postalLine> <postalLine>Australia</postalLine> </postal> <email>mnot@mnot.net</email> <uri>https://www.mnot.net/</uri> </address> </author> <author initials="P." surname="Sikora" fullname="Piotr Sikora"> <organization>Google</organization> <address> <email>piotrsikora@google.com</email> </address> </author><date/><date year="2022" month="June" /> <area>Applications and Real-Time</area> <workgroup>HTTP</workgroup><keyword>Internet-Draft</keyword><keyword>proxy</keyword> <keyword>intermediary</keyword> <keyword>reverse proxy</keyword> <abstract> <t>This document defines the Proxy-Status HTTP response field to convey the details ofintermediaryan intermediary's response handling, including generated errors.</t> </abstract><note> <name>Note to Readers</name> <t><em>RFC EDITOR: please remove this section before publication</em></t> <t>Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org), which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/">https://lists.w3.org/Archives/Public/ietf-http-wg/</eref>.</t> <t>Working Group information can be found at <eref target="https://httpwg.org/">https://httpwg.org/</eref>; source code and issues list for this draft can be found at <eref target="https://github.com/httpwg/http-extensions/labels/proxy-status">https://github.com/httpwg/http-extensions/labels/proxy-status</eref>.</t> </note></front> <middle> <section anchor="introduction" numbered="true" toc="default"> <name>Introduction</name> <t>HTTP intermediaries (see <xref section="3.7" sectionFormat="of" target="HTTP" format="default"/>) -- including both forward proxies and gateways (also known as "reverse proxies") -- have become an increasingly significant part of HTTP deployments. In particular, reverse proxies andContent Delivery Networkscontent delivery networks (CDNs) form part of the critical infrastructure of manyWeb sites.</t>websites.</t> <t>Typically, HTTP intermediaries forward requests towards the origin server (inbound) and then forward their responses back to clients (outbound). However, if an error occurs before a response is obtained from an inbound server, the response is often generated by the intermediary itself.</t> <t>HTTP accommodates these types of errors with a few statuscodes;codes -- for example, 502Bad Gateway(Bad Gateway) and 504Gateway Timeout.(Gateway Timeout). However, experience has shown that more information is necessary to aid debugging and communicate what's happened to the client. Additionally, intermediaries sometimes want to convey additional information about their handling of a response, even if they did not generate it.</t> <t>To enable these uses, <xref target="header" format="default"/> defines a new HTTP response field to allow intermediaries to convey details of their handling of a response. <xref target="params" format="default"/> enumerates the information that can be added to the field by intermediaries, which can be extendedasper <xref target="register-param" format="default"/>. <xref target="error-types" format="default"/> defines a set of error types for use when a proxy encounters an issue when obtaining a response for the request; these can likewise be extendedasper <xref target="register-error" format="default"/>.</t> <section anchor="notational-conventions" numbered="true" toc="default"> <name>Notational Conventions</name><t>The<t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xreftarget="RFC2119" format="default"/>target="RFC2119"/> <xreftarget="RFC8174" format="default"/>target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> <t>Thisspecificationdocument usesStructured Fieldsthe following terminology from <xref target="STRUCTURED-FIELDS" section="3" sectionFormat="of" format="default"/> to specify syntax andparsing,parsing: List, String, Token, Integer, andABNF <xref target="RFC5234" format="default"/> as a shorthand for that syntax. The terms sf-list, sf-item, sf-string, sf-token, sf-integer and key refer to the structured types defined therein.</t>Byte Sequence.</t> <t>Note that in this specification, "proxy" is used to indicate both forward and reverse proxies, otherwise known as gateways. "Next hop" indicates the connection in the direction leading to the origin server for the request.</t> </section> </section> <section anchor="header" numbered="true" toc="default"> <name>The Proxy-Status HTTP Field</name> <t>The Proxy-Status HTTP response field allows an intermediary to convey additional information about its handling of a response and its associatedrequest. The syntax of this header field conforms to <xref target="STRUCTURED-FIELDS" format="default"/>.</t> <t>Itrequest.</t> <t>Its value is a List(<xref(see <xref section="3.1"sectionFormat="comma"sectionFormat="of" target="STRUCTURED-FIELDS"format="default"/>):</t> <sourcecode type="abnf"><![CDATA[ Proxy-Status = sf-list ]]></sourcecode> <t>Eachformat="default"/>). Each member of thelistList represents an intermediary that has handled the response. The first memberof the listrepresents the intermediary closest to the origin server, and the last memberof the listrepresents the intermediary closest to the user agent.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: revproxy1.example.net, ExampleCDN ]]></sourcecode> <t>indicates that this response was handled first by revproxy1.example.net (a reverse proxy adjacent to the origin server) and then ExampleCDN.</t> <t>Intermediaries determine when it is appropriate to add the Proxy-Status field to a response. Some might decide to appendtoit to all responses, whereas others might only do so when specifically configuredto,to or when the request contains a header field that activates a debugging mode.</t> <t>Each member of thelistList identifies the intermediary that inserted thevalue,value andMUST<bcp14>MUST</bcp14> have a type of eithersf-stringString orsf-token.Token. Depending on the deployment, this might be a service name (but not a software or hardware product name; e.g.,"Example CDN"is"ExampleCDN" is appropriate, but "ExampleProxy" isnot,not because it doesn't identify the deployment), a hostname ("proxy-3.example.com"), an IP address, or a generated string.</t> <t>Parametersonof each member(as per(per <xref section="3.1.2" sectionFormat="of" target="STRUCTURED-FIELDS" format="default"/>) convey additional information about that intermediary's handling of the response and its associated request; see <xref target="params" format="default"/>. While all of these parameters areOPTIONAL,<bcp14>OPTIONAL</bcp14>, intermediaries are encouraged to provide as much information as possible (but see <xref target="security" format="default"/> for security considerations in doing so).</t> <t>When adding a value to the Proxy-Status field, intermediariesSHOULD<bcp14>SHOULD</bcp14> preserve the existing members of the field to allow debugging of the entire chain of intermediaries handling therequest,request unless explicitly configured to remove them (e.g., to prevent internal network details from leaking; see <xref target="security" format="default"/>).</t> <t>Origin serversMUST NOT<bcp14>MUST NOT</bcp14> generate the Proxy-Status field.</t> <t>Proxy-StatusMAY<bcp14>MAY</bcp14> be sent asaan HTTP trailer field. For example, if an intermediary is streaming a response and the inbound connection suddenly terminates, Proxy-Status can only be appended to the trailer section of the outboundmessage,message since the header section has already been sent. However, because it might be silently discarded along the path to the user agent (as is the case for all trailer fields; see <xref section="6.5" sectionFormat="of" target="HTTP" format="default"/>), Proxy-StatusSHOULD NOT<bcp14>SHOULD NOT</bcp14> be sent as a trailer field unless it is not possible to send it in the header section.</t> <t>To allow recipients to reconstruct the relative ordering of Proxy-Status members conveyed in trailer fields with those conveyed in header fields, an intermediaryMUST NOT<bcp14>MUST NOT</bcp14> send Proxy-Status as a trailer field unless it has also generated a Proxy-Status header field with the same member (although potentially different parameters) in that message.</t> <t>For example, a proxy identified as 'ThisProxy' that receives a response bearing a header field:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: SomeOtherProxy ]]></sourcecode> <t>would add its own entry to the header field:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: SomeOtherProxy, ThisProxy ]]></sourcecode> <t>thus allowing it to append a trailer field:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: ThisProxy; error=read_timeout ]]></sourcecode><t>... which<t>which would thereby allow a downstream recipient to understand that processing by 'SomeOtherProxy' occurred before 'ThisProxy'.</t> <t>A clientMAY<bcp14>MAY</bcp14> promote the Proxy-Status trailer field into a header field by following these steps:</t> <ol spacing="normal" type="1"><li> <t>For each member trailer_member of the Proxy-Status trailer field value: </t> <ol spacing="normal" type="1"><li>Let header_member be the first(left-most)(leftmost) value of the Proxy-Status header field value, comparing thesf-tokenString orsf-string character-by-character andToken character by character without consideration of parameters.</li> <li>If no matching header_member is found, continue processing the next trailer_member.</li> <li>Replace header_member with trailer_member in its entirety, including any parameters.</li> </ol> </li> <li>Remove the Proxy-Status trailerfield,field if empty.</li> </ol> <section anchor="params" numbered="true" toc="default"> <name>Proxy-Status Parameters</name> <t>This section lists parameters that can be used on the members of the Proxy-Status field. Unrecognised parametersMUST<bcp14>MUST</bcp14> be ignored.</t> <section anchor="error" numbered="true" toc="default"> <name>error</name> <t>The <tt>error</tt> parameter's value isan sf-tokena Token that is aProxy Error Type.proxy error type. When present, it indicates that the intermediary encountered an issue when obtaining this response.</t> <t>The presence of someProxy Error Typesproxy error types indicates that the response was generated by the intermediary itself, rather than being forwarded from the origin server. This is the case when, for example, the origin server can't be contacted, so the proxy has to create its own response.</t> <t>OtherProxy Error Typesproxy error types can be added to (potentially partial) responses that were generated by the origin server or some other inbound server. For example, if the forward connection abruptly closes, an intermediary might add Proxy-Status with an appropriate error as a trailer field.</t> <t>ProxyError Typeserror types that are registered with a 'Response only generated by intermediaries' value of 'true' indicate that they can only occuronin responses generated by the intermediary. If the value is 'false', the response might be generated by the intermediary or an inbound server.</t> <t><xref target="error-types" format="default"/> lists theProxy Error Typesproxy error types defined in this document; new ones can be defined using the procedure outlined in <xref target="register-error" format="default"/>.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ HTTP/1.1 504 Gateway Timeout Proxy-Status: ExampleCDN; error=connection_timeout ]]></sourcecode> <t>indicates that this 504 response was generated byExampleCDN,ExampleCDN due to a connection timeout when going forward.</t> <t>Or:</t> <sourcecode type="http-message"><![CDATA[ HTTP/1.1 429 Too Many Requests Proxy-Status: r34.example.net; error=http_request_error, ExampleCDN ]]></sourcecode> <t>indicates that this 429Too(Too ManyRequestsRequests) response was generated by r34.example.net, not the CDN or the origin.</t> <t>When sending the error parameter, the most specificProxy Error Type SHOULDproxy error type <bcp14>SHOULD</bcp14> be sent, provided that it accurately represents the error condition. If an appropriateProxy Error Typeproxy error type is not defined, there are a number of generic error types (e.g., proxy_internal_error, http_protocol_error) that can be used. If they are not suitable, consider registering a newProxy Error Typeproxy error type (see <xref target="register-error" format="default"/>).</t> <t>EachProxy Error Typeproxy error type has aRecommendedrecommended HTTPStatus Code.status code. When generatingaan HTTP response containing the <tt>error</tt>, its HTTP status codeSHOULD<bcp14>SHOULD</bcp14> be set to theRecommendedrecommended HTTPStatus Code.status code. However, there may be circumstances (e.g., for backwards compatibility with previous behaviours, a status code has already been sent) when another status code might be used.</t> <t>ProxyError Typeserror types can also define any number of extra parameters for use with that type. Their use, like all parameters, is optional. As a result, if an extra parameter is used with aProxy Error Typeproxy error type for which it is not defined, it will be ignored.</t> </section> <section anchor="next-hop" numbered="true" toc="default"> <name>next-hop</name> <t>The <tt>next-hop</tt> parameter's value isan sf-stringa String orsf-tokenToken that identifies the intermediary or origin server selected (and used, if contacted) to obtain this response. It might be a hostname, IP address, or alias.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: cdn.example.org; next-hop=backend.example.org:8001 ]]></sourcecode> <t>indicates that cdn.example.org used backend.example.org:8001 as the next hop for this request.</t> </section> <section anchor="next-protocol" numbered="true" toc="default"> <name>next-protocol</name> <t>The <tt>next-protocol</tt> parameter's value indicates theALPNApplication-Layer Protocol Negotiation (ALPN) protocol identifier <xref target="RFC7301" format="default"/> of the protocol used by the intermediary to connect to the next hop when obtaining this response.</t> <t>The valueMUST<bcp14>MUST</bcp14> be eitheran sf-tokena Token orsf-binary,Byte Sequence representing a TLSApplication-Layer Protocol Negotiation (ALPN)ALPN Protocol ID (see <ereftarget="https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids">https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids</eref>).brackets="angle" target="https://www.iana.org/assignments/tls-extensiontype-values#alpn-protocol-ids"/>). If the protocol identifier is able to be expressed asan sf-tokena Token using ASCII encoding, that formMUST<bcp14>MUST</bcp14> be used.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: "proxy.example.org"; next-protocol=h2 ]]></sourcecode> <t>Note that theAPLNALPN identifier is being used here to identify the protocol in use; it may or may not have been actually used in the protocol negotiation.</t> </section> <section anchor="received-status" numbered="true" toc="default"> <name>received-status</name> <t>The <tt>received-status</tt> parameter's value indicates the HTTP status code that the intermediary received from thenext hopnext-hop server when obtaining this response.</t> <t>The valueMUST<bcp14>MUST</bcp14> be ansf-integer.</t>Integer.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: ExampleCDN; received-status=200 ]]></sourcecode> </section> <section anchor="details" numbered="true" toc="default"> <name>details</name> <t>The <tt>details</tt> parameter's value isan sf-stringa String containing additional information not captured anywhere else. This can include implementation-specific or deployment-specific information.</t> <t>For example:</t> <sourcecode type="http-message"><![CDATA[ Proxy-Status: proxy.example.net; error="http_protocol_error"; details="Malformed response header: space before colon" ]]></sourcecode> </section> </section> <section anchor="register-param" numbered="true" toc="default"> <name>Defining New Proxy-Status Parameters</name> <t>New Proxy-StatusParametersparameters can be defined by registering them in theHTTP"HTTP Proxy-StatusParametersParameters" registry.</t> <t>Registration requests are reviewed and approved by Expert Review,asper <xref section="4.5" sectionFormat="comma" target="RFC8126" format="default"/>. A specification document isappreciated,appreciated but not required.</t> <t>TheExpert(s)expert(s) should consider the following factors when evaluating requests:</t> <ul spacing="normal"> <li>Community feedback</li> <li>If the value is sufficientlywell-defined</li>well defined</li> <li>Generic parameters are preferred over vendor-specific,application-specificapplication-specific, or deployment-specific values. If a generic value cannot be agreed upon in the community, the parameter's name should be correspondingly specific (e.g., with a prefix that identifies the vendor,applicationapplication, or deployment).</li> <li>Parameter names should not conflict with registered extra parameters in the "HTTP Proxy ErrorType Registry.</li>Types" registry.</li> </ul> <t>Registration requests should use the following template:</t><ul spacing="normal"> <li>Name: [a<dl> <dt>Name:</dt> <dd>[a name for the Proxy-StatusParameterparameter that matcheskey]</li> <li>Description: [akey]</dd> <dt>Description:</dt> <dd>[a description of the parameter semantics andvalue]</li> <li>Reference: [tovalue]</dd> <dt>Reference:</dt> <dd>[to a specification defining this parameter;optional]</li> </ul>optional]</dd> </dl> <t>See the registry at <ereftarget="https://iana.org/assignments/http-proxy-status">https://iana.org/assignments/http-proxy-status</eref>target="https://www.iana.org/assignments/http-proxy-status" brackets="angle"/> for details on where to send registration requests.</t> </section> <section anchor="error-types" numbered="true" toc="default"> <name>Proxy Error Types</name> <t>This section lists theProxy Error Typesproxy error types defined by this document. See <xref target="register-error" format="default"/> for information about defining newProxy Error Types.</t>proxy error types.</t> <t>Note that implementations might not produce allProxy Error Types.proxy error types. The set of types below is designed to map to existing states inimplementations,implementations andsotherefore may not be applicable to some.</t> <section anchor="dns-timeout" numbered="true" toc="default"> <name>DNS Timeout</name><ul spacing="normal"> <li>Name: dns_timeout</li> <li>Description: The<dl> <dt>Name:</dt> <dd>dns_timeout</dd> <dt>Description:</dt> <dd>The intermediary encountered a timeout when trying to find an IP address for thenext hop hostname.</li> <li>Extra Parameters: None.</li> <li>Recommendednext-hop hostname.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 504</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>504</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="dns-error" numbered="true" toc="default"> <name>DNS Error</name><ul spacing="normal"> <li>Name: dns_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>dns_error</dd> <dt>Description:</dt> <dd>The intermediary encountered a DNS error when trying to find an IP address for thenext hop hostname.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>rcode:next-hop hostname.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>rcode:</dt> <dd> Asf-stringString conveying the DNS RCODE that indicates the error type. See <xref section="3" sectionFormat="comma" target="RFC8499"format="default"/>.</li> <li>info-code: A sf-integerformat="default"/>.</dd> <dt>info-code:</dt> <dd>An Integer conveying the Extended DNS Error Codeinfo-code.INFO-CODE. See <xref target="RFC8914"format="default"/>.</li> </ul> </li> <li>Recommendedformat="default"/>.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="destination-not-found" numbered="true" toc="default"> <name>Destination Not Found</name><ul spacing="normal"> <li>Name: destination_not_found</li> <li>Description: The<dl> <dt>Name:</dt> <dd>destination_not_found</dd> <dt>Description:</dt> <dd>The intermediary cannot determine the appropriate next hop to use for this request; for example, it may not be configured. Note that this error is specific to gateways, which typically require specific configuration to identify the "backend" server; forward proxies use in-band information to identify the originserver.</li> <li>Extra Parameters: None.</li> <li>Recommendedserver.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 500</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>500</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="destination-unavailable" numbered="true" toc="default"> <name>Destination Unavailable</name><ul spacing="normal"> <li>Name: destination_unavailable</li> <li>Description: The<dl> <dt>Name:</dt> <dd>destination_unavailable</dd> <dt>Description:</dt> <dd>The intermediary considers the next hop to be unavailable; e.g., recent attempts to communicate with it may have failed, or a health check may indicate that it isdown.</li> <li>Extra Parameters: None.</li> <li>Recommendeddown.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 503</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>503</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="destination-ip-prohibited" numbered="true" toc="default"> <name>Destination IP Prohibited</name><ul spacing="normal"> <li>Name: destination_ip_prohibited</li> <li>Description: The<dl> <dt>Name:</dt> <dd>destination_ip_prohibited</dd> <dt>Description:</dt> <dd>The intermediary is configured to prohibit connections to thenext hopnext-hop IPaddress.</li> <li>Extra Parameters: None.</li> <li>Recommendedaddress.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="destination-ip-unroutable" numbered="true" toc="default"> <name>Destination IP Unroutable</name><ul spacing="normal"> <li>Name: destination_ip_unroutable</li> <li>Description: The<dl> <dt>Name:</dt> <dd>destination_ip_unroutable</dd> <dt>Description:</dt> <dd>The intermediary cannot find a route to thenext hopnext-hop IPaddress.</li> <li>Extra Parameters: None.</li> <li>Recommendedaddress.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-refused" numbered="true" toc="default"> <name>Connection Refused</name><ul spacing="normal"> <li>Name: connection_refused</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_refused</dd> <dt>Description:</dt> <dd>The intermediary's connection to the next hop wasrefused.</li> <li>Extra Parameters: None.</li> <li>Recommendedrefused.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-terminated" numbered="true" toc="default"> <name>Connection Terminated</name><ul spacing="normal"> <li>Name: connection_terminated</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_terminated</dd> <dt>Description:</dt> <dd>The intermediary's connection to the next hop was closed before a complete response wasreceived.</li> <li>Extra Parameters: None.</li> <li>Recommendedreceived.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-timeout" numbered="true" toc="default"> <name>Connection Timeout</name><ul spacing="normal"> <li>Name: connection_timeout</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_timeout</dd> <dt>Description:</dt> <dd>The intermediary's attempt to open a connection to the next hop timedout.</li> <li>Extra Parameters: None.</li> <li>Recommendedout.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 504</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>504</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-read-timeout" numbered="true" toc="default"> <name>Connection Read Timeout</name><ul spacing="normal"> <li>Name: connection_read_timeout</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_read_timeout</dd> <dt>Description:</dt> <dd>The intermediary was expecting data on a connection (e.g., part of aresponse),response) but did not receive any new data in a configured timelimit.</li> <li>Extra Parameters: None.</li> <li>Recommendedlimit.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 504</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>504</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-write-timeout" numbered="true" toc="default"> <name>Connection Write Timeout</name><ul spacing="normal"> <li>Name: connection_write_timeout</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_write_timeout</dd> <dt>Description:</dt> <dd>The intermediary was attempting to write data to aconnection,connection but was not able to (e.g., because its buffers werefull).</li> <li>Extra Parameters: None.</li> <li>Recommendedfull).</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 504</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>504</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="connection-limit-reached" numbered="true" toc="default"> <name>Connection Limit Reached</name><ul spacing="normal"> <li>Name: connection_limit_reached</li> <li>Description: The<dl> <dt>Name:</dt> <dd>connection_limit_reached</dd> <dt>Description:</dt> <dd>The intermediary is configured to limit the number of connections it has to the next hop, and that limit has beenpassed.</li> <li>Extra Parameters: None.</li> <li>Recommendedexceeded.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 503</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>503</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="tls-protocol-error" numbered="true" toc="default"> <name>TLS Protocol Error</name><ul spacing="normal"> <li>Name: tls_protocol_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>tls_protocol_error</dd> <dt>Description:</dt> <dd>The intermediary encountered a TLS error when communicating with the next hop, either during the handshake orafterwards.</li> <li>Extra Parameters: None.</li> <li>Recommendedafterwards.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> <li>Notes: NotStatus Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> <dt>Notes:</dt> <dd>Not appropriate when a TLS alert is received; seetls_alert_received</li> </ul>tls_alert_received.</dd> </dl> </section> <section anchor="tls-certificate-error" numbered="true" toc="default"> <name>TLS Certificate Error</name><ul spacing="normal"> <li>Name: tls_certificate_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>tls_certificate_error</dd> <dt>Description:</dt> <dd>The intermediary encountered an error when verifying the certificate presented by the nexthop.</li> <li>Extra Parameters: None.</li> <li>Recommendedhop.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="tls-alert-received" numbered="true" toc="default"> <name>TLS Alert Received</name><ul spacing="normal"> <li>Name: tls_alert_received</li> <li>Description: The<dl> <dt>Name:</dt> <dd>tls_alert_received</dd> <dt>Description:</dt> <dd>The intermediary received a TLS alert from the nexthop.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>alert-id: an sf-integerhop.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>alert-id:</dt> <dd>An Integer containing the applicable value from theTLS Alerts"TLS Alerts" registry. See{!RFC8446}}.</li> <li>alert-message: an sf-token<xref target="TLS" format="default"/>.</dd> <dt>alert-message:</dt> <dd>A Token orsf-stringString containing the applicable description string from theTLS Alerts"TLS Alerts" registry. See <xreftarget="RFC8446" format="default"/>.</li> </ul> </li> <li>Recommendedtarget="TLS" format="default"/>.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-request-error" numbered="true" toc="default"> <name>HTTP Request Error</name><ul spacing="normal"> <li>Name: http_request_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_request_error</dd> <dt>Description:</dt> <dd>The intermediary is generating a client (4xx) response on the origin's behalf. Applicable status codes include (but are not limited to) 400, 403, 405, 406, 408, 411, 413, 414, 415, 416, 417,429.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>status-code: an sf-integerand 429.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>status-code:</dt> <dd>An Integer containing the generated statuscode.</li> <li>status-phrase: an sf-stringcode.</dd> <dt>status-phrase:</dt> <dd>A String containing the generated statusphrase.</li> </ul> </li> <li>Recommendedphrase.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: TheStatus Code:</dt> <dd>The applicable 4xx statuscode</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> <li>Notes: Thiscode</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> <dt>Notes:</dt> <dd>This type helps distinguish between responses generated by intermediaries from those generated by theorigin.</li> </ul>origin.</dd> </dl> </section> <section anchor="http-request-denied" numbered="true" toc="default"> <name>HTTP Request Denied</name><ul spacing="normal"> <li>Name: http_request_denied</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_request_denied</dd> <dt>Description:</dt> <dd>The intermediary rejected the HTTP request based on its configuration and/or policy settings. The request wasn't forwarded to the nexthop.</li> <li>Extra Parameters: None.</li> <li>Recommendedhop.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 403</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>403</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-incomplete-response" numbered="true" toc="default"> <name>HTTP Incomplete Response</name><ul spacing="normal"> <li>Name: http_response_incomplete</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_incomplete</dd> <dt>Description:</dt> <dd>The intermediary received an incomplete response to the request from the nexthop.</li> <li>Extra Parameters: None.</li> <li>Recommendedhop.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-header-section-too-large" numbered="true" toc="default"> <name>HTTP Response Header Section Too Large</name><ul spacing="normal"> <li>Name: http_response_header_section_size</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_header_section_size</dd> <dt>Description:</dt> <dd>The intermediary received a response to the request whose header section was considered toolarge.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>header-section-size: an sf-integerlarge.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>header-section-size:</dt> <dd>An Integer indicating how large theheadersreceived headers were. Note that they might not be complete; i.e., the intermediary may have discarded or refused additionaldata.</li> </ul> </li> <li>Recommendeddata.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-header-field-line-too-large" numbered="true" toc="default"> <name>HTTP Response Header Field Line Too Large</name><ul spacing="normal"> <li>Name: http_response_header_size</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_header_size</dd> <dt>Description:</dt> <dd>The intermediary received a response to the request containing an individual header field line that was considered toolarge.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>header-name: an sf-stringlarge.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>header-name:</dt> <dd>A String indicating the name of the header field that triggered theerror.</li> <li>header-size: an sf-integererror.</dd> <dt>header-size:</dt> <dd>An Integer indicating the size of the header field that triggered theerror.</li> </ul> </li> <li>Recommendederror.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-body-too-large" numbered="true" toc="default"> <name>HTTP Response Body Too Large</name><ul spacing="normal"> <li>Name: http_response_body_size</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_body_size</dd> <dt>Description:</dt> <dd>The intermediary received a response to the request whose body was considered toolarge.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>body-size: an sf-integerlarge.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>body-size:</dt> <dd>An Integer indicating how large thebodyreceived body was. Note that it may not have been complete; i.e., the intermediary may have discarded or refused additionaldata.</li> </ul> </li> <li>Recommendeddata.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-trailer-section-too-large" numbered="true" toc="default"> <name>HTTP Response Trailer Section Too Large</name><ul spacing="normal"> <li>Name: http_response_trailer_section_size</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_trailer_section_size</dd> <dt>Description:</dt> <dd>The intermediary received a response to the request whose trailer section was considered toolarge.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>trailer-section-size: an sf-integerlarge.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>trailer-section-size:</dt> <dd>An Integer indicating how large thetrailersreceived trailers were. Note that they might not be complete; i.e., the intermediary may have discarded or refused additionaldata.</li> </ul> </li> <li>Recommendeddata.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-trailer-field-line-too-large" numbered="true" toc="default"> <name>HTTP Response Trailer Field Line Too Large</name><ul spacing="normal"> <li>Name: http_response_trailer_size</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_trailer_size</dd> <dt>Description:</dt> <dd>The intermediary received a response to the request containing an individual trailer field line that was considered toolarge.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>trailer-name: an sf-stringlarge.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>trailer-name:</dt> <dd>A String indicating the name of the trailer field that triggered theerror.</li> <li>trailer-size: an sf-integererror.</dd> <dt>trailer-size:</dt> <dd>An Integer indicating the size of the trailer field that triggered theerror.</li> </ul> </li> <li>Recommendederror.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-transfer-coding-error" numbered="true" toc="default"> <name>HTTP Response Transfer-Coding Error</name><ul spacing="normal"> <li>Name: http_response_transfer_coding</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_transfer_coding</dd> <dt>Description:</dt> <dd>The intermediary encountered an error decoding thetransfer-codingtransfer coding of theresponse.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>coding: an sf-tokenresponse.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>coding:</dt> <dd>A Token containing the specific coding (from theHTTP"HTTP Transfer CodingRegistry)Registry") that caused theerror.</li> </ul> </li> <li>Recommendederror.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-content-coding-error" numbered="true" toc="default"> <name>HTTP Response Content-Coding Error</name><ul spacing="normal"> <li>Name: http_response_content_coding</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_content_coding</dd> <dt>Description:</dt> <dd>The intermediary encountered an error decoding thecontent-codingcontent coding of theresponse.</li> <li> <t>Extra Parameters: </t> <ul spacing="normal"> <li>coding: an sf-tokenresponse.</dd> <dt>Extra Parameters:</dt> <dd><t><br/></t> <dl> <dt>coding:</dt> <dd>A Token containing the specific coding (from theHTTP"HTTP Content CodingRegistry)Registry") that caused theerror.</li> </ul> </li> <li>Recommendederror.</dd> </dl> </dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-response-timeout" numbered="true" toc="default"> <name>HTTP Response Timeout</name><ul spacing="normal"> <li>Name: http_response_timeout</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_response_timeout</dd> <dt>Description:</dt> <dd>The intermediary reached a configured time limit waiting for the completeresponse.</li> <li>Extra Parameters: None.</li> <li>Recommendedresponse.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 504</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>504</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-upgrade-failed" numbered="true" toc="default"> <name>HTTP Upgrade Failed</name><ul spacing="normal"> <li>Name: http_upgrade_failed</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_upgrade_failed</dd> <dt>Description:</dt> <dd>The process of negotiating an upgrade of the HTTPUpgradeversion between the intermediary and the next hopfailed.</li> <li>Extra Parameters: None.</li> <li>Recommendedfailed.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="http-protocol-error" numbered="true" toc="default"> <name>HTTP Protocol Error</name><ul spacing="normal"> <li>Name: http_protocol_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>http_protocol_error</dd> <dt>Description:</dt> <dd>The intermediary encounteredaan HTTP protocol error when communicating with the next hop. This error should only be used when a more specific one is notdefined.</li> <li>Extra Parameters: None.</li> <li>Recommendeddefined.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: false</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>false</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="proxy-internal-response" numbered="true" toc="default"> <name>Proxy Internal Response</name><ul spacing="normal"> <li>Name: proxy_internal_response</li> <li>Description: The<dl> <dt>Name:</dt> <dd>proxy_internal_response</dd> <dt>Description:</dt> <dd>The intermediary generated the responselocally,itself without attempting to connect to the nexthop (e.g. in response to a request to a debug endpoint terminated at the intermediary).</li> <li>Extra Parameters: None.</li> <li>Recommendedhop.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: TheStatus Code:</dt> <dd>The most appropriate status code for theresponse</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>response</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="proxy-internal-error" numbered="true" toc="default"> <name>Proxy Internal Error</name><ul spacing="normal"> <li>Name: proxy_internal_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>proxy_internal_error</dd> <dt>Description:</dt> <dd>The intermediary encountered an internal error unrelated to theorigin.</li> <li>Extra Parameters: None</li> <li>Recommendedorigin.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 500</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>500</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="proxy-configuration-error" numbered="true" toc="default"> <name>Proxy Configuration Error</name><ul spacing="normal"> <li>Name: proxy_configuration_error</li> <li>Description: The<dl> <dt>Name:</dt> <dd>proxy_configuration_error</dd> <dt>Description:</dt> <dd>The intermediary encountered an error regarding itsconfiguration.</li> <li>Extra Parameters: None</li> <li>Recommendedconfiguration.</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 500</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>500</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt> <dd>RFC 9209</dd> </dl> </section> <section anchor="proxy-loop-detected" numbered="true" toc="default"> <name>Proxy Loop Detected</name><ul spacing="normal"> <li>Name: proxy_loop_detected</li> <li>Description: The<dl> <dt>Name:</dt> <dd>proxy_loop_detected</dd> <dt>Description:</dt> <dd>The intermediary tried to forward the request to itself, or a loop has been detected using different means(e.g.(e.g., <xref target="RFC8586"format="default"/>).</li> <li>Extra Parameters: None.</li> <li>Recommendedformat="default"/>).</dd> <dt>Extra Parameters:</dt> <dd>None</dd> <dt>Recommended HTTPstatus code: 502</li> <li>Response only generated by intermediaries: true</li> <li>Reference: [this document]</li> </ul>Status Code:</dt> <dd>502</dd> <dt>Response Only Generated by Intermediaries:</dt> <dd>true</dd> <dt>Reference:</dt><dd>RFC 9209</dd> </dl> </section> </section> <section anchor="register-error" numbered="true" toc="default"> <name>Defining New Proxy Error Types</name> <t>NewProxy Error Typesproxy error types can be defined by registering them in theHTTP"HTTP Proxy ErrorTypesTypes" registry.</t> <t>Registration requests are reviewed and approved by Expert Review,asper <xref section="4.5" sectionFormat="comma" target="RFC8126" format="default"/>. A specification document isappreciated,appreciated but not required.</t> <t>TheExpert(s)expert(s) should consider the following factors when evaluating requests:</t> <ul spacing="normal"> <li>Community feedback</li> <li>If the value is sufficiently well-defined</li> <li>Generic types are preferred over vendor-specific,application-specificapplication-specific, or deployment-specific values. If a generic value cannot be agreed upon in the community, thetypes'stype's name should be correspondingly specific (e.g., with a prefix that identifies the vendor,applicationapplication, or deployment).</li> <li>ExtraParametersparameters should not conflict with registered Proxy-Status parameters.</li> </ul> <t>Registration requests should use the following template:</t><ul spacing="normal"> <li>Name: [a<dl> <dt>Name:</dt> <dd>[a name for theProxy Error Typeproxy error type thatmatches sf-token]</li> <li>Description: [ais of type Token]</dd> <dt>Description:</dt> <dd>[a description of the conditions that generate theProxy Error Type]</li> <li>Extra Parameters: [zeroproxy error type]</dd> <dt>Extra Parameters:</dt> <dd>[zero or more optional parameters, along with their allowabletype(s)]</li> <li>RecommendedStructured Type(s)]</dd> <dt>Recommended HTTPstatus code: [theStatus Code:</dt> <dd>[the appropriate HTTP status code for thisentry]</li> <li>Response only generatedentry]</dd> <dt>Response Only Generated byintermediaries: ['true'Intermediaries:</dt> <dd>['true' or'false']</li> <li>Reference: [to'false']</dd> <dt>Reference:</dt> <dd>[to a specification defining this error type;optional]</li> <li>Notes: [optional]</li> </ul>optional]</dd> <dt>Notes:</dt> <dd>[optional]</dd> </dl> <t>If theProxy Error Typeproxy error type might occur in responses that are not generated by the intermediary -- for example, when an error is detected as the response is streamed from a forward connection, causing a Proxy-Status trailer field to be appended -- the 'Response only generated by intermediaries' should be 'false'. If theProxy Error Typeproxy error type only occurs in responses that are generated by the intermediary, it should be 'true'.</t> <t>See the registry at <ereftarget="https://iana.org/assignments/http-proxy-status">https://iana.org/assignments/http-proxy-status</eref>target="https://www.iana.org/assignments/http-proxy-status" brackets="angle"/> for details on where to send registration requests.</t> </section> </section> <section anchor="iana-considerations" numbered="true" toc="default"> <name>IANA Considerations</name><t>Upon publication, please create<t>IANA has created theHTTP"HTTP Proxy-StatusParametersParameters" registry and theHTTP"HTTP Proxy ErrorTypesTypes" registry at <ereftarget="https://iana.org/assignments/http-proxy-status">https://iana.org/assignments/http-proxy-status</eref>target="https://www.iana.org/assignments/http-proxy-status" brackets="angle"/> andpopulatehas populated them with the types defined in Sections <xref target="params"format="default"/>format="counter"/> and <xref target="error-types"format="default"/>format="counter"/> respectively; see Sections <xref target="register-param"format="default"/>format="counter"/> and <xref target="register-error"format="default"/>format="counter"/> foritstheir associated procedures.</t> <t>Additionally,please registerthe following entryinhas been added to theHypertext"Hypertext Transfer Protocol (HTTP) Field NameRegistry:</t> <ul spacing="normal"> <li>Field name: Proxy-Status</li> <li>Status: permanent</li> <li>Specification document(s): [this document]</li> <li>Comments:</li> </ul>Registry":</t> <dl spacing="compact"> <dt>Field name:</dt> <dd>Proxy-Status</dd> <dt>Status:</dt> <dd>permanent</dd> <dt>Specification document(s):</dt> <dd>RFC 9209</dd> <dt>Comments:</dt> <dd/> </dl> </section> <section anchor="security" numbered="true" toc="default"> <name>Security Considerations</name> <t>One of the primary security concerns when using Proxy-Status is leaking information that might aid an attacker. For example, information about the intermediary's configuration andback-endbackend topology can be exposed, allowing attackers to directly targetback-endbackend services that are not prepared for high traffic volume or malformed inputs. Some information might only be suitable to reveal to authorized parties.</t> <t>As a result, care needs to be taken when deciding to generate a Proxy-Status field and what information to include in it. Note that intermediaries are not required to generate a Proxy-Status field in anyresponse,response and can conditionally generate them based upon request attributes (e.g., authentication tokens, IP address).</t> <t>Likewise, generation of all parameters is optional, as is the generation of the field itself. Also, the field's content is not verified; an intermediary can claim certain actions (e.g., sending a request over an encrypted channel) but fail to actually do that.</t> </section> </middle> <back> <references> <name>References</name> <references> <name>Normative References</name> <referenceanchor="HTTP">anchor='HTTP' target='https://www.rfc-editor.org/info/rfc9110'> <front> <title>HTTP Semantics</title> <authorfullname="Roy T. Fielding"> <organization>Adobe</organization>initials='R' surname='Fielding' fullname='Roy Fielding' role="editor"> <organization /> </author> <authorfullname="Mark Nottingham"> <organization>Fastly</organization>initials='M' surname='Nottingham' fullname='Mark Nottingham' role="editor"> <organization /> </author> <authorfullname="Julian Reschke"> <organization>greenbytes GmbH</organization>initials='J' surname='Reschke' fullname='Julian Reschke' role="editor"> <organization /> </author> <dateday="12" month="September" year="2021"/> <abstract> <t> The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes. This document updates RFC 3864 and obsoletes RFC 2818, RFC 7231, RFC 7232, RFC 7233, RFC 7235, RFC 7538, RFC 7615, RFC 7694, and portions of RFC 7230. </t> </abstract>year='2022' month='June'/> </front> <seriesInfoname="Internet-Draft" value="draft-ietf-httpbis-semantics-19"/>name="STD" value="97"/> <seriesInfo name="RFC" value="9110"/> <seriesInfo name="DOI" value="10.17487/RFC9110"/> </reference> <referenceanchor="STRUCTURED-FIELDS">anchor="STRUCTURED-FIELDS" target='https://www.rfc-editor.org/info/rfc8941'> <front> <title>Structured Field Values for HTTP</title> <author fullname="M. Nottingham" initials="M." surname="Nottingham"> <organization/> </author> <author fullname="P-H. Kamp" initials="P-H." surname="Kamp"> <organization/> </author> <datemonth="February"month="March" year="2021"/><abstract> <t>This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values.</t> </abstract></front> <seriesInfo name="RFC" value="8941"/> <seriesInfo name="DOI" value="10.17487/RFC8941"/> </reference> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8499.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7301.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8914.xml"/> <referenceanchor="RFC2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author fullname="S. Bradner" initials="S." surname="Bradner"> <organization/> </author> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <author fullname="M. Cotton" initials="M." surname="Cotton"> <organization/> </author> <author fullname="B. Leiba" initials="B." surname="Leiba"> <organization/> </author> <author fullname="T. Narten" initials="T." surname="Narten"> <organization/> </author> <date month="June" year="2017"/> <abstract> <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t> <t>This is the third edition of this document; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference> <reference anchor="RFC8499"> <front> <title>DNS Terminology</title> <author fullname="P. Hoffman" initials="P." surname="Hoffman"> <organization/> </author> <author fullname="A. Sullivan" initials="A." surname="Sullivan"> <organization/> </author> <author fullname="K. Fujiwara" initials="K." surname="Fujiwara"> <organization/> </author> <date month="January" year="2019"/> <abstract> <t>The Domain Name System (DNS) is defined in literally dozens of different RFCs. The terminology used by implementers and developers of DNS protocols, and by operators of DNS systems, has sometimes changed in the decades since the DNS was first defined. This document gives current definitions for many of the terms used in the DNS in a single document.</t> <t>This document obsoletes RFC 7719 and updates RFC 2308.</t> </abstract> </front> <seriesInfo name="BCP" value="219"/> <seriesInfo name="RFC" value="8499"/> <seriesInfo name="DOI" value="10.17487/RFC8499"/> </reference> <reference anchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"> <organization/> </author> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> <reference anchor="RFC7301"> <front> <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title> <author fullname="S. Friedl" initials="S." surname="Friedl"> <organization/> </author> <author fullname="A. Popov" initials="A." surname="Popov"> <organization/> </author> <author fullname="A. Langley" initials="A." surname="Langley"> <organization/> </author> <author fullname="E. Stephan" initials="E." surname="Stephan"> <organization/> </author> <date month="July" year="2014"/> <abstract> <t>This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.</t> </abstract> </front> <seriesInfo name="RFC" value="7301"/> <seriesInfo name="DOI" value="10.17487/RFC7301"/> </reference> <reference anchor="RFC8914"> <front> <title>Extended DNS Errors</title> <author fullname="W. Kumari" initials="W." surname="Kumari"> <organization/> </author> <author fullname="E. Hunt" initials="E." surname="Hunt"> <organization/> </author> <author fullname="R. Arends" initials="R." surname="Arends"> <organization/> </author> <author fullname="W. Hardaker" initials="W." surname="Hardaker"> <organization/> </author> <author fullname="D. Lawrence" initials="D." surname="Lawrence"> <organization/> </author> <date month="October" year="2020"/> <abstract> <t>This document defines an extensible method to return additional information about the cause of DNS errors. Though created primarily to extend SERVFAIL to provide additional information about the cause of DNS and DNSSEC failures, the Extended DNS Errors option defined in this document allows all response types to contain extended error information. Extended DNS Error information does not change the processing of RCODEs.</t> </abstract> </front> <seriesInfo name="RFC" value="8914"/> <seriesInfo name="DOI" value="10.17487/RFC8914"/> </reference> <reference anchor="RFC8446">anchor="TLS" target="https://www.rfc-editor.org/info/rfc8446"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> <authorfullname="E. Rescorla"initials="E."surname="Rescorla"> <organization/> </author>surname="Rescorla" fullname="Eric Rescorla"/> <datemonth="August" year="2018"/> <abstract> <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t> </abstract>year="2018" month="August"/> </front> <seriesInfo name="RFC" value="8446"/> <seriesInfo name="DOI" value="10.17487/RFC8446"/> </reference> </references> <references> <name>Informative References</name><reference anchor="RFC5234"> <front> <title>Augmented BNF for Syntax Specifications: ABNF</title> <author fullname="D. Crocker" initials="D." role="editor" surname="Crocker"> <organization/> </author> <author fullname="P. Overell" initials="P." surname="Overell"> <organization/> </author> <date month="January" year="2008"/> <abstract> <t>Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="68"/> <seriesInfo name="RFC" value="5234"/> <seriesInfo name="DOI" value="10.17487/RFC5234"/> </reference> <reference anchor="RFC8586"> <front> <title>Loop Detection in Content Delivery Networks (CDNs)</title> <author fullname="S. Ludin" initials="S." surname="Ludin"> <organization/> </author> <author fullname="M. Nottingham" initials="M." surname="Nottingham"> <organization/> </author> <author fullname="N. Sullivan" initials="N." surname="Sullivan"> <organization/> </author> <date month="April" year="2019"/> <abstract> <t>This document defines the CDN-Loop request header field for HTTP. CDN-Loop addresses an operational need that occurs when an HTTP request is intentionally forwarded between Content Delivery Networks (CDNs), but is then accidentally or maliciously re-routed back into the original CDN causing a non-terminating loop. The new header field can be used to identify the error and terminate the loop.</t> </abstract> </front> <seriesInfo name="RFC" value="8586"/> <seriesInfo name="DOI" value="10.17487/RFC8586"/> </reference><xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8586.xml"/> </references> </references> </back><!-- ##markdown-source: H4sIAINnZ2EAA+1dW3PbRpZ+56/olR8kpUhasuXEkSazo0h2oipZ9lpypbaS LU2TaJI9BgEOGhTNpDy/fc+lrwB0s+NEs7V+kEkC6Mvpc/nOpRuDwaBX6zpX ++JipsSbqvywHpzXsl4a8ePFxRvxVplFWRglflQyU5V4qVWe9eRoVKmr/cb9 dEcvK8eFnEODWSUn9UCrejKY1fVipM1gQfcbun+w87yXyRpu/O348OLFx94Y vkzLar0vTJ319KLaF3W1NPWTnZ1vd570ZKXkvjhcLHINd2oYlJBFBgOU+eBC z1VvVVbvp1W5XOzT0Hvv1Rp+yvbFSVGrqlD14BhH1IPui+xS5mUBfa+V6Zm5 rOrLfy7LWpl9UZS9qa5ny9FAG7NUg1yOVL4v4qH3enJZz8pqvycGPQH/dAEP vhqKs7KudTGdyTn9zHR4Jav3zStlNZWF/pXmsS9eSlPna7qwKKGLfJ8+CzEA CstZJQv6Pi6XRY30OQSqVDLXkn5Wc6lhgPOirP+Gf4YwVbqwrPS+QNKb/ceP V6vV0F19nIz7zVCc6/dlJaMxv9FlXcU/pwP+oSynuYp7X+ADhu7/25SuDsfl vNcrymoOD10pnBIuCyzH4HiYcIWBNopajw3ccn7x9t3Rxbu3L44HL09enB6f 74u3L4+ef7u3Cxfh05Pd3W/3+ePz3Sdfu49738KvPV1MQne93mAwEHKEpBrX vd7FTBsBzLmcq6IWmZroQhlRd3L9BLlc1CWQvLhSa7orUzXM1IhyAmQDhpqr TMtqLSonITNgqxzWuA/Xx/kyg49iqgpVAV9nQlVVWZmhHRYshLo8wz91efmW BAe46iuYinhxfHLx+i1QNFcSWq3UvLxSMAIYvVFjpL8YKZinEovlyMnCV73e sTbjpTF4HYZI95MEilq+h4kucjlWAi7iXGiSKC80RpQZgcuI33JtarHl12ew mv5t9XQIy7/dF6uZHs8ENCyr8QyInAlZi784DsMnzZBvfnzId5jHb2iQj+MG H/8VyPCT7f0H6t2vHAxwLHGGYgLcnnaA/6+m1PxfD4QplxXMaFxmihQBSavh 8UNjMQWubZEFHTnVNk7/DdSHWhVISfOYpN88jqUfR49rONdZBkLQe4QKpiqz JS1Or0fEjVhEw6i2jFLit9/O7QI+HX6Di4R3fvy4LaCxwDKjsp7hBFayykjr 4PM4wSnw0UquoTGZm1K8L8pVIaQRG6CKgX2Uu3mDGpxJ4JqRgqkhebB90J8G OsjXwuhpoSfAOiAIC9B9bizA44u8XKOAmCHMii7q8TKXVV80eqEhHZUwTWjk WOWw2CAMZ6pGtoIxHh2fmW2cx9x3gZw3rjS0KHNc8QrUXgVUWwIvw2VQAmvx kxrB8EARA5Ev1gu8NV/3RRdNHY0q9U9Y+BpkucTvLNNlpae6AImpYFzAz8UI F3+bRg3XC/80fNGVF2IjRnL8niQ/10gGsVUua352KH4sV0gEEPAJ0pREWpTj 8bIyTiZl0AfAfuUIdEYBcjKpyjkvA7Vlx9WnoSYPTICekdYYse5JFI6ujcon Q8tocgxLPC/RktLMoZ16vVCkp1jniBVwOQxsolaCOZiExhyQmKgPcg6qpi+e 7TwR38tM/MBsRpR6trPnv6ONBVpEVFAfFgpWohij7gPtNEOGrGcgYHMkRSzT MLVCjZUxOAGgrtQZMNtoOZ0iy2NXOItlgepMgZ6R9aaBRhcLhdSDB4h3aEmG 4jDLNLbKrNHgCgMMX8NQYdrI3kGHS/9UMjIJC1JbLnAaHGkXFhImegWLoomB 1yKDoYP69osE64G8WgpVyFGu7BosgZf6IPEz0u0fP3qDI4EQK+Znv/De3MCM ylVzRmEKkQm6acBD6BdkTs4N9KsKMHiV445k6rRUVjcCdQKheTzAe+lInAGw j5CWxKdg7YERoNNKTUH7qmpAvX/8iAMhHhwQSyZUMKr2LGo5FtkR6Aa9ALkl Iy4YP8EeUD0kP6jk+QaWLWKfiJKk+JXTCQd2NXDEuX6vVtqoW4ZOA4Khg6F+ 9Ahhm7RMc4RrUBDwRDChBOBLtKGgcDZevTu/2Ojz/+LsNX1+++K/3p0AjsHP 5z8enp76D+6O8x9fvzs9Dp/Ck0evX716cXbMD8OvovHTq8P/hv9QbDZev7k4 eX12eLoBi2VtnsM4gJhxRUdWfywqVfOUQfhBD4/gCzzz/dEbsbsHJPgPC69g mfjL891v9uALUps7KwswHvyVRAHlU1bYCDAuEHmhAbsCm3hlMFOVGlroZRZq TEaHeA/lQ5w79Z+xX2HQRDYBIIwAJsFPg+laF7X8QKMBJjMEt/DL4fdnL+Hp /4RhP3vyFIcticsApdcoJZYzgOG5hSH5O8jdMLLJAFFDHz+A6ZnTBzBN1Dh8 rMv3OGW8CnScAr9gg7j8lZrANys1JsyG+ZmZnUxMpXQBhEDEx6Nwi5VQBVaW mH4D9SVQiARSFxlrxQQY4AgaFrkvSuyJeNyDAwcahsBHwPViVi42fJOsEkC5 FBaXaIaHma7sD4BBCZTYKaZWtSFsJDLXuJG0vOK3R1YdsgC1b2toRFKHLPex AbyjTgc7eY2CZLwIl6Ux5ViTpXWToAlYLnM4mkdtBwVdY0+klzvZFehwUhNK FqcEpjvu6osABXcBAoK78q9//QsGXkx6CVmE+M7xJ97R672QoIHnaj6CAVlM RZC3UiDfhiBLi17IcGihiRrMkJGxuCCNX0EbNzfbAiLjvAQprjuZo++Qlsjl Z7cMogAyN0Xj3+u9DKDFUo0w+xzBxVQl1NtHESGJ2h3aR9D97YsX/AUwKhM1 FghZ86J7ZllFlGM6jdbdDQMyT4QSGfQf4HYV3TSK0GgYEHJPav/B6sNX0CRs 9zTz1gI6WFTIuwQcsqztygZYEa32OToEcz2doQ881hk/jkCLtU1tcUiAxGj2 FToPrF+MfZqMQQaaueRxeU0GqIyERE9ZF5agmCq+J9IWeAsacBSTRL5oBcBj 11e0IDLCiQBz0ZxcJwIwGbDPE606OMoqXSB8bQXgSuZLxWxKZpscJkmqm4CJ xskGS4BzcLZgCA4PEox+tirTe059Zh8mEiIrWm0NIBlDK2JrBKoJ8SP8Dmh/ hUa6RCRXZfR5wZ4k3Xwg1HA6BKtg2UMAf2yki98X2J674Y23HtBDH90/iYAK FjUrlSk2PY3WjUGDcw/LUJqax8hmaPDUMzeg8w28pxAnb5DZgDkMLauMnBUm FCzQG4R/ijAbkEdFy7XlAVek/4ZPkOAdmnT7jtidljYs9maq9xMf63rNfyDY R3fIeSh+mmmgOcoCt4JSHWaGi+XAV8sLwYuEXCvQSSRYQNErlDYgwHyJUZR4 Hgbjfkaj+0D8wSMxCjxLXa8BzKCpdV+RKAaaqmwUFPRJVuJcTbmNgRVCz1nG yJi43GmftnZoDdwiUVLNFcWdEC2DdJH80SI6/6PptgQ5tdeR04AO4xmIeSNs hl35NYq0Ql8sixx4C33LXI913dQlIR6m5mKLxYOoiz6aZQNkk4IDEd5lIgcc 0AzGnA5a9EW6vY5VsxEOygc/r5uCyO7xjwDNUeoNAXBUXwRs6gpG4VTcULyM HW8OJqQuvkFhUnLecG+cTXVhhAi6mSV4cKiS2Vig7uynw0UniJQ2KiVS+MHj c+NzEUa7gi72Iax1BRCs0d3Ha1ZpuycQX8gcxpxhB2gPyFf3wYJIF3nVaKDP Apc402YMChC9k7y0HLGQAHdbAIA0iLbAVVqPD0U0obBxS+y0zNfDZ1HArUGY 4H2lK5c06RiTzS8qcC+y6J4o0isOQKe04fAACwkAa73gyBIxM8oy+Q1WCnKK XoNmheetKCVjdSLIipE9uHTqHO6pQZmr5K7YyJp+i+U8v9NUkj5vJAavO4CA YAdk+nhi3e3ggMxoaLxVyGG8y+kMaIrxRE0YItMT8K4Uxyit1t1mCmOIiTky BYR9HzbwWIAc3k30QGlQm/w0EF5heDoWrhH4sixv8Yhvx5iIqF4jWKCfGVCu yiX6LxkbG/TFFKZuHD9/Tgd94SfDfdUzXCPkLhy9BXAM6BrLdntXvukDjsx8 hwJ9WXPoj7sbDoc2DsSTJO8WEDHzN8A1mC0rr8DsOCRQI7CANaswWAJYJwwI Ush7LTbTSW5yWBV1vg2sRksIa35og4GkbqGledmloFOeBXYvm2ATep6UjnRs 4k2tFgYotWvVdIRebHuXKfa8oUuyvpTMg9ZOwUHgzl0DI2XtKDoVW7ma1IM5 YLBta7W72k9GbyEsgLMFsy4JlgWpFrBa9ApGGNNgqhqM1gP/hQwKiiTiqARW YOdB7IY4hSdDcTIBzScAtYxn2Gg6G204w9InaK+LpYrXGIdWYAQiJSK1/HQo 3ipOUKVNsrZIqa4LkikGF/U6zrZhAiEe9BNs18GFG9aJbLCaL+q1Dfslt0Zo 9rdHFh26mJYLk2DqKwaHcWiVAjnWTWggqA44Id4VaBWmhcbHoiZJQWMsb1qA PCDueAQjJSnlcMrf6fPfwzOAg5mRNMUEPGMwYDZOT4sXFIO9AMcHMS/cYB3z Plu0hmvccKx8fBY17TUB2sSfHvJouY8xcTnG7FtjMV1dJ075XdIkfQF3oCOH UUAgHw7HxtBcWqbllw9JDSYog4OeSb6kHQ+D9d4kXEOuLcgXMJZhhc9GCW0l Bq9AOVLegC1DRBhSgB2UaAbpt2I7SUk6mW9HSSyi1wrWpEWjXjpk1BFIfPLs G9mpNkwlZWUDkBH0lKNquSCkTmGbNrZgwIfWMGF4zksVSSyD8wFtxOFgdkIW DhVUyBYcvVeZS3Zt+sIVgrwJGVI/ZDNo201AYmozRFwd260DdiazhNIciH0j G5LO9OEG5KnNCcAltdnI/XlMfDNTI22aWUQgTTPNwvrIa5iEaC4q3UwXHFBi qiwCu7k7l16Bkz7PKF+7rHPXTGf25JYwHSLxx7vD3a4UYwOThNiYAyWB91Jo 0hXGw/av1xqh7b7I2FGWMWvb5lmhTctIe5DHeOPM9p58Ky7KUrxCs/TWJqmb 8cmne3EA0U0QG7y0LvEl/XS3mGVnlzdMv9F9n/waXGjoRdjoPisMF1gwNuxF /j1xlTc3zNEIYHwssMV+zteyflbfhUUsJtQY+QMBg/Hl62aEmLuDxeFYEElW Q3u0urOumuXkPoNVUhlSFEuH4ogmMNo4GWljC6S4L11Ywa0FrQ9cqstxaX/c btl8J/pr6g+HYZa6xhxx32Mtr7nY8UAJbM3B1o40ZWzbRUJbD5BLBsuPKXX2 8ikGYbXuEQZR2c5bXuC+0wSMjc7iJYsr+mSw6K6oiiBZUB/mvrlvHxPg1ZhL CkmMdQWKCB2EcSA/WlysyODCDgK6tR7pHMNgpOkx8KPLJdZfzCR+qtD+JCPs jExs2yxzwZYvvt+rYlrELruDi0w+L/MV4c7ATQByKxkjN5/XZt8XhZWw1gXl 8JdYYYDJaQpjhMf6VA+y4LDnUBxaX3WZ177+JO3IJw2tCWzxxYTC8FTCVbck A35aaRhAgjAJYiJqH8zKhUWZ7uuNQLMdM7cCfkOIHmtpEnAC+E0hihJb6Kbg 1GjmHl1tI7sxymxATHFSxwF4F9jut6LXuZbmvjmlcVZ4pVlW0wNPoO+QU4Hp 46v7z3d2djsVdqMZXrrrWkBE5D0o6CpUuMXJV7dYTjPFK+Z+61y2JB98ePrm TLjbw4pVtirgm6c7uwAxrAfj7+Phd0AWztaiQXXawU/iDm4CD9D5PjYpEzsz zGIjXUBf/WAyWKddnJ7HFcODU7lmfM1jPlPTEqAzWfotnPZ2uHZyzIr3L3EB rZaFpPpDabCGjgrlHte5CRWDKNkDGvT1F4YfZvU8fyTzReGXZaAz89dtjxa7 yI/CZcONVMKCMzUc34oJwmjt8Pzo5IScs4zKGIjlqBrP0dJqt3uxPueFYu7c OEhZ7rvZE+b2UOpAPPXm9KwxF/bFiG3IDGDyMU5OBRJQtcgBRY4lqQn8D5WX rXFEPT6ul+QMUXs2CutbKMI6OzmxAcDMV3STpDR+vV1WWuaw20l27QaH08uA 1XX3FgVecluQct91jCF1Y87fPdnZ4RVEMtn0iSWP/XYXzR/hh2uSd7iAY7ng ghmwoJRkFirnkgTNVpZjO9A8DhfFjeXY40uYdEhihp+jfu5LmpTDI0y+0QH6 Ng5sob77Zyn03cYrmeMQKL3o6sMptLUP4BgDXTasCU2VxQYTHCNPx2iPkWpn Dgp2hqEalXYgbjfc3nDnqHohoE7KpOmoLvy6ZvihCmNkb/kjL6Svv2VP/Eqr leICJYLmV87TWqiqBmSI1/uh8M4W8oeCmL3hM0y+HjYKxnxVm81/K87ecv4b eQmHoRm2ILNyf1tmG2vAlly3w5Cboxgu6DsB1UFFsiiACpmZAbGbFXDMV4Bb qTgVQOdEqQyNNPzYdOzNcgKj1ZzRWqk8H1iKw70/WA+jkT9eUAEZCkCJSuAK TD948W7ifZyot1238by1LeQVeY+GBwcMgBRCrTGtFHr0i1DsNXZz69u0WxBt Kgaw5KOwVsXMnNkycte1BesWd+Kk9IdOvMcTTOaVTgecmq8Cz9EAjBsBKYyy mMCTNfcVhX1aoNvOrgWC397GxbY3BOwpp9QKVAJuWEKOOKNtMr/8LJlIrhSu W3ZsxgrD5jCd92r9y/9AE8dUhbngHTXYUhZ+8PDKN+E3yZBk0bpSK28VJcnG NBoKXzTkxikUMim+vQPvWkArvXOlbDiKiZNskugEPaRBk10RRANfoVxw0ZDP jVZdtI6j7YmD9dujOJ7VGWy/ObhFQDQKbg3FeacTTYNul5R4onU55CYt5Ews k6v7ofwwVfKwW9dug+sMuQiaIw4jRcXfVJ4LdOZI71wu8D9fgoHEptB4s2Ou ZDKlB0ec5Ucxcznqcq5s1uD47NwH2zwzZ4Xx4bQGd17cGPVPo2TAPrZiFGiY pSVDXk48/HGuGcr9C5LhYHH2xVlZ0JVWPCGCXPsY4qN77hjwpW2FqiU6Mbug TDg6veAMS0wlTrrcj0bYFMeXfm8q9XCfYMWkOEwh2JVau2Ad9v/26PXxC1cv FcPYEPhygmI31UV1qhjVxZ5QWgZRb64mOu3uhauw9ySk4E942nVEhebf7u5h 87cv9JMvtdAKxYtVAMi2eInx9WjRw+VLkK1LynPeygDW7Ib6TSRMHK7064vp cb97ITj1jR061gGywh3KomjfqXc94HFezqi6HDtwleBuF0ftdlc55BTudk3b bSINx2zDBik2rO9y0NqtRnU+xWBExXbxhpNGS2nW7bM0wM4fwBjvCnkF1g31 aTdrLKMbbmUOC0cbcR127qOGXA0oumlYmFQjDKntrqBoyxTiIcsg5BZPMHmW 2RpNcD1yuA7wY/yebklTXBwOxMKNz1uEp3/AIpyQgzLTIw2tdi+DJjfN3XLb QmjTqDB0z0Z5INMKXQVt/Xkk+yMUGoz1XVGBgb6ec4Fky3DLHRUbWy6Bj6l/ OwIdhSQf3Ixho0CZKL9Y2Wu3kGTTJFnDZpxTokqfcMTtgRPjwpWPdtOjDpc/ myRULpCFSAhaubpR4+GiU38o3ShDf2/CNfF0R5b6dpJZ/U6ZjQVtg7yBiNhs hqn4h4meExGT2Y0USuoMb9M/yBi4+XhMLlEma4kOZ0Iql761W89Dmec2R4zc Ll7LX5zCA2ePGtO2MW8UYFzgds71H0voT2LDnyqwejeSeoV33IvWlimtw0LP M6Ea5RJMWnyCNrhYv9MuRSgAB1d3iaW9hkuUJss83374hD3F9UdGBhTVrRuJ Q5CT6Y574w56nAXc55JjCGKLrRtKwG20AxjHDeA9lBNZSPPZBudLITpMzPlU W8PDrnPTCLPf09XGxiNXO8BkZGBfgB4IaLOK2ZLcZtyWYmbyPW3LkhNolIoP Hp4B+orcPhpEnbiVdv88kkHmGHTXwY7yxggkMV26dL+HZTmCnzl8qLpWZhwu f8riFPHKgNcHrqALGUQtuwrUkFJ2q/Uw8RPlmXPObzh6xkRr0Po2ivl0YbyI rdTh9cEgemCgs/00Sxgn5WwowoUHOU/gu/DzibI+HK+hcM3e3tcuGsRd2VTa fkdmvp0PbHQdR73tzXcYRzKQPxEA2kPSeEtrQ1zaVXx3MQpJUZbd5bC19+FD qO91xeQcPtnk2qd8MnSlDkjV+KAXn0WlvYWuGI2sBVmebbG3s9OHP0/xzzP8 8zX+eQ5/dnfxD17Y3cM/eHUXr+5+08dyw+uZ0J7yxitwIx/GO0j9qIdxI4tZ JY1vppulWq3wQ7dzx0XKj0Dq+PrvrzG83qasBu03nql8YXAXHC77UpsZLGm9 QiN+TZlx8ygkFhjc8tWqH/b1my12PVaFjjVVwq8ZX7xdVf2Da7R8+tjt7x5J u+8BAV8aUQQL+xgrR0ug+RqTIDhtmxJxjwOKxGr6UKvfwD2fYwj2vhiuob5O Cu/Luj5aROafL7W/9R5GgcoiWt6ypY+j393MxZ/vQXeeMumSDljLfCqr6bX0 s9uFbGrw0uhf70PIa4m3IlFq7HClkIWN2hI/AmTHsV2vArmBgW1ggKNrqkIb iCXgWa64QRoKPxuAG/lKaaRfraNs4yhEUA6EHqphv12G5IPDYb9tWbnIVFyn g87dw+MKPkTmFDMpd2aM34kh4nKmghbtSmdLoFSyHy/nJI+sP51X+PjNxM5F LELyjPUGtjygfXAGPDKdcp8urzdMePFmHsSH8JZ7dvBgOOX7MlvfzhwjuOt3 1hXY5CesOj52P71AHQWlIE2sE6IMYaiN/D+rFi7sBrE7Wwu3k/TLmIvmGQr3 5wbbwqcZDPvw/1uMmDXuYzI8d3xpm5HuEf8co+EY5n5WI+3/ZrPhWfJ+duOu XTwkhikMPDI4ooL5a1z5wCl08yVX139aBCxT/LSjF3dvf2scW3Q9B/D9aeCl 4RhHZR3U9pZ3DYgEbubCztwVSPoNbXwQ4QNcM3v68J2WbMz3/n4rZhv8ExbM Hbr8b7deraRUQ6rumJGyCZbrUnSgRnVtN+q6AufUVX6guSbq7N1iWgHkFi+p fKdBqiVfvOTani5CJW24GFLLqrtjpMJuMmrwYcbW3Z6EzlxRx56MeyaLqHm/ U+juaSO7SYUfsDXj7nQt3oXJWRg6CjvU7hfNPckPNCzDBcsn7ji1dhyrsTHa ydat1A/ji/WlyEt70rs7jSbNOV+3g5Byy5ivj0GY9BCMvtC5dLDq2aLUeBSR r2ARHVu1PisRjZOl/e9xNi7eHRZOzPXU+hIi01i8hsx0bWm/r0H05+wx/y8L OrksRGld0Pk6Wt6Btb9URScT5ygJSHdSKIlZf06us1JTcJ34cK5GKPwBU+i0 BPk6hhGNk1owpk0OFy8zd/E2qgD0Z9aIXroQy6g7qodqVbHpUMTg+rDbWsOZ cHMFsNXKP5/7/fzZ86/pWISHZsW69/U1Nrw0dqZEO/q6TgK6116+pIH/38X3 +bv4eL/OA93AR4P78zbvNUXvTrv3km1z8QluX2yPXrwlMNmd55yyO2/R8wfS 2HMd2ufFRn1Rq23t9MvPv6qqpK3tCBfd1rzkNBA+GdXhUF3xgYtcZActg4zY /YA3KTjUTukelNYOdr8JhU6stG3eWSH+8rM9RAtasSddfcI2xbAfKdmn6DPn v/zsfgX1ejLpXlZ7TDkd2KXjTLo/Nix+jUv34RWDQboFxx4aE3bYePtkD+iI X+bDp2Aq9/afjqPT+uSuc6nHDcdI8qYQf2YvDAq7us8RZ0EP2EXxJ020yBaO OTPXkO1GktE2pag74obhn7vFVJwcnh0i5IuOze713qEOjd6h1nevXLPn86VG 9IYN8d6fvsXkftKU6U0n5WKZ2yHNgytaN89zi177g481T4XDpUS+u1L52h2Q 3Hxlj32we59sem66PwwOiZy+k8m/u45baShpPgrXwZQ1Wnj053wg0jv7W0jQ bRvER23ug12k3/l3+8LCaI3gkj/NAfhSFtAh/taJREBvdhfpHJEaJegAHHTu Dl9PuQiAmz9FvNd7XahwLo6eowKJD20fg8tkIQoLfcJY0L89n1y0XtJkD1DU 5FSAZ4wb8FrnM3a91KpjR0Zah0MnDg345Q+LMi+n6/B6p0VJRy75o4Vdx1SD zO+IwfPGMUVRh3bs2w4aahZwBXCY4vfwzGA6qOImBHvKfDlXfKyLOzNDF4sl voKO31YRzyx69wQeOWYPVOOztK8UJlfAttDLOfWvKuOzMZlB4/OzxjQsAFLG 6lZ8R2LBS0NvxbBhB2/LG+rZvp4GD8/lzbTpHkd3aAnWPiXp2fZLAmLMe3uP uDGhCK+c5NpvXC8PQmhDZwxB5rYQixCj87lgJSsNkDsctIY0Q7Q3drMAepj4 vCw8bu7UvkKr74sUGQalB5fF55aRixAVNQbYZCfE77ITh7kp++F35tTaOgpI IyoV1li/3DxclKafSz2nAmI8C0zagnk7NXdkYQgLEVZHK16Mq/UCddl4Bghb 5dvkh2A0lPjIHSqUlbR+9r2P5Dj8L4FIzyo5dwAA --></rfc>